<?php

// --------------------------------------------------------------------- //
// FLASH                                                                 //
// Display a list of records matching a criteria V1.0 build 20020518     //
// --------------------------------------------------------------------- //
// IN: searchey, offset                                                  //
// OUT: username,name,admin,active,expiry,module                         //
// --------------------------------------------------------------------- //

    // connection variables -----------------------------------------------
    $mysqlServer   = "66.226.14.61";
    $mysqlUser     = "timescape";
    $mysqlPassword = "ducati748";
    $mysqlDatabase = "timescape";
    $mysqlTable    = "german";

    // generic error messages ---------------------------------------------
    $errorConnect     = 'Unable to connect to database server.';
    $errorConnectdb   = 'Unable to use the database.';
    $errorQuery       = 'Error while accessing the database. It may be corrupted.';
    $errorIdentity    = 'Error while establishing your identity.';

    $msgResultsOk     = 'Found results matching your criteria';
    $msgNoResults     = 'No results were found';

    // retrieve session variables if they exist ---------------------------
    session_start();

    $inputUser  = isset($HTTP_SESSION_VARS['inputUser']) ? $HTTP_SESSION_VARS['inputUser'] : "";
    $inputPass  = isset($HTTP_SESSION_VARS['inputPass']) ? $HTTP_SESSION_VARS['inputPass'] : "";
    if (!isset($PHP_SELF))
        $PHP_SELF = $_SERVER['PHP_SELF'];

    // MySQL queries ------------------------------------------------------
    $verifyAdminQuery = "SELECT
                         admin, active
                         FROM $mysqlTable
                         WHERE username='$inputUser' AND password='$inputPass'";

    // connect to database ------------------------------------------------
    $dblink = @mysql_connect($mysqlServer, $mysqlUser, $mysqlPassword);
    if ($dblink == false)
    {
        echo "&search=false&message=$errorConnect&";
        exit;
    }

    if (@mysql_select_db($mysqlDatabase) == false)
    {
        echo "&search=false&message=$errorConnectdb&";
        exit;
    }

    // verify that the logged-in user is administrator/active -------------
    $resultQuery = @mysql_query($verifyAdminQuery);
    if ($resultQuery == false)
    {
        echo "&search=false&message=$errorQuery&";
        exit;
    }
    $numberOfUsers = mysql_num_rows($resultQuery);
    if ($numberOfUsers != 1)
    {
        echo "&search=false&message=$errorIdentity&";
        exit;
    }
    $security = mysql_fetch_array($resultQuery);
    if (($security['admin'] != 'Y') || ($security['active'] != 'Y'))
    {
        echo "&search=false&message=$errorIdentity&";
        exit;
    }

    // retrieve search term and offset ------------------------------------
    $resultsToDisplay = 10;
    $offset           = 0;
    $searchkey        = "";

    if (isset($HTTP_GET_VARS['searchkey']))
        $searchkey = $HTTP_GET_VARS['searchkey'];

    if (isset($HTTP_GET_VARS['offset']))
        $offset = $HTTP_GET_VARS['offset'];

    $searchQuery = "SELECT username,
                    concat(firstname, ' ', surname) as name,
                    admin,
                    active,
                    expiry,
                    module
                    FROM $mysqlTable
                    WHERE username LIKE '%$searchkey%'
                       OR firstname LIKE '%$searchkey%'
                       OR surname LIKE '%$searchkey%'
                    ORDER BY username
                    LIMIT $offset,$resultsToDisplay";

    $resultQuery = @mysql_query($searchQuery);
    if ($resultQuery == false)
    {
        echo "&search=false&message=$errorQuery&";
        exit;
    }

    $numberOfRows = mysql_num_rows($resultQuery);
    if ($numberOfRows < 1)
    {
        echo "&search=true&results=0&message=$msgNoResults&";
        exit;
    }

    echo "&search=true&results=$numberOfRows&message=$msgResultsOk&\n";

    for ($i=1; $i<=$numberOfRows; $i++)
    {
        $row = mysql_fetch_array($resultQuery);
        $username  = rawurlencode($row['username']);
        $name      = rawurlencode($row['name']);
        $admin     = ($row['admin'] == "Y") ? "administrator" : "user";
        $active    = ($row['active'] == "Y") ? "active" : "disabled";
        $expiry    = $row['expiry'];
        $module    = $row['module'];

        echo "&username$i=$username&";
        echo "&name$i=$name&";
        echo "&admin$i=$admin&";
        echo "&active$i=$active&";
        echo "&expiry$i=$expiry&";
        echo "&module$i=$module&";
        echo "\n";
    }
?>